14 Geo-Location. MYTH: you can't control where in the world your data is stored. Discussion: security considerations for international data storage and processing.

15 Geo-Location: Control over Cloud Data. Offshore storage is a key consideration when selecting a CSP. Laws and regulations (e.g., ITAR/export controls, DFARS, certain PII or PHI) may prevent offshore storage of data. CSPs are beginning to address this, e.g., you can configure Google Cloud to prevent offshore storage. Don't just focus on storage. What about geo-location for processing? Some cloud vendors provide the option for domestic storage only; just pick the right one!
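A residency audit that covers processing as well as storage, as an added example (not part of the original slides). The inventory, resource names and US-only allowlist are constructed assumptions; the location strings follow Google Cloud's region and zone naming.

```python
# Assumed policy: US-only residency. Exact-match allowlist, never substring tests.
ALLOWED_LOCATIONS = {
    "us", "nam4",                                        # multi-region / dual-region
    "us-central1", "us-east1", "us-east4", "us-west1",   # single regions
}

# Constructed sample inventory; every resource name is hypothetical.
INVENTORY = [
    {"name": "hr-records", "kind": "storage", "location": "US"},
    {"name": "design-archive", "kind": "storage", "location": "EU"},
    {"name": "etl-worker", "kind": "compute", "location": "us-central1-a"},
    # northamerica-northeast1 is Montreal: same continent, still offshore.
    {"name": "ocr-batch", "kind": "compute", "location": "northamerica-northeast1"},
    {"name": "render-farm", "kind": "compute", "location": "australia-southeast1-b"},
    {"name": "legacy-share", "kind": "storage", "location": ""},
]

def naive_is_domestic(location):
    """Weak check shown for contrast: 'australia' contains 'us'."""
    return "us" in location.lower()

def normalize(location):
    """Lower-case and drop a trailing zone letter (us-central1-a -> us-central1)."""
    loc = location.strip().lower()
    parts = loc.split("-")
    if len(parts) == 3 and len(parts[2]) == 1 and parts[2].isalpha():
        loc = "-".join(parts[:2])
    return loc

def audit(inventory, allowed=ALLOWED_LOCATIONS):
    """Return (name, kind, reason) for every resource that violates the policy."""
    findings = []
    for res in inventory:
        loc = normalize(res.get("location", ""))
        if not loc:
            # An unknown location cannot be shown compliant, so it is a finding.
            findings.append((res["name"], res["kind"], "location unknown"))
        elif loc not in allowed:
            findings.append((res["name"], res["kind"], "outside policy: " + loc))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```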

16 Geo-Location. MYTH: you can determine where your data is stored; just pick the right CSP and contract it in. DEBUNKED.

17 Confidentiality. MYTH: CSPs and their sub-contractors have unfettered access to your data. Discussion: encryption and key management in the cloud.

20 Incident Response. MYTH: IR can't be done in the cloud. Discussion: incident response and forensics in the cloud.

21 What can you do as a Consumer in IR?
Prepare: contacts; roles and responsibilities.
Detect & Analyze: least capabilities in SaaS; some capabilities in PaaS; most capabilities in IaaS.
Contain, Eradicate, Recover: shut down access to SaaS, no logs; adjust app controls in PaaS, maybe application logs available; take snapshot in IaaS, shut down servers, firewall blocks, review non-network logs.
Post-incident Activities: similar to traditional.
Remember! Consumers have the highest level of control in IaaS and the least control in SaaS; the same is true for visibility in the incident management lifecycle.

27 Disaster Recovery and BCP in the Cloud. More resilience in the cloud. Avoid over-reliance on a single provider; avoid vendor lock-in. Have you planned for the disaster of the vendor suddenly going out of business? DR responsibilities shift, but DR planning is still necessary, especially in a SaaS cloud.

28 DR/BCP. MYTH: the cloud may be resilient but you still need to plan, including for failed CSPs. Confirmed.

29 Conclusion. Security can no longer be seen as a hindrance to moving to the cloud. But, tread lightly and diligently!
